I guess I'm just dense and stupid. Won't that fail since the CA IC cert won't be signed by the CA cert identified as it's issuer?
-----Original Message----- From: owner-openssl-us...@openssl.org on behalf of David Schwartz Sent: Wed 2/24/2010 4:06 PM To: openssl-users@openssl.org Subject: RE: Sign an SSL certificate with mutile trusted roots? Ooops, tiny mistake: > Again, the "fake IC" is a certificate signed by the manufacturer's CA > with no AKID. This part was incorrect. It should read "with its SKID". So the short version is: Simply have the manufacturer's CA sign the CA's IC. Use that IC along with the CA's IC in the server. It should then magically work. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
